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1 Introduction 

For cryptographic applications, the linear complexity (L) of a sequence is an 
important merit factor. It may be defined as the length of the shortest linear 
feedback shift register that is capable of generating the sequence. The feedback 
function of this shift register can be deduced from knowledge of just 2L con- 
secutive digits of the sequence. Thus, it is reasonable to suggest that "good" 
sequences have L > N/2 (where N denotes the period of the sequence) [T]. 

Using classical cyclotomic classes and generalized cyclotomic classes to con- 
struct binary sequences, which are called classical cyclotomic sequences and gen- 
eralized cyclotomic sequences respectively, is an important method for sequence 
design pQ. In their paper [2] C. Ding and T. Helleseth first introduced a new gen- 
eralized cyclotomy of order 2 with respect to pi 1 ■ ■ ■ vV > which includes classical 
cyclotomy as a special case and they show how to construct binary sequences 
based on this new generalized cyclotomy. There are many works devoted to the 
investigation of the properties of the Ding-Helleseth sequences. In particular, the 
linear complexity of these sequences is studied in [3-11]. Most of the papers study 
a special case described in sections 1-5 of [2J. In addition, the linear complexity 
of the sequences based on cyclotomic classes of higher orders was considered for 
specific modules (p n ,pq) and for a special case [9, 12-14]. 

The purpose of this paper is to find Ding-Helleseth generalized cyclotomic 
sequences with arbitrary periods and high linear complexity. In particular, we 
generalize the result of Tongjiang Yan [TS]. Also we discuss the computation of 
the linear complexity of these sequences in the general case. 



2 Basic Definitions and Notations 



In this section let us briefly recall the definition of Ding-Helleseth generalized 
cyclotomic sequences [2|. 

Let n — pi 1 ■ ■ ■ , when pi, ...,p t be pairwise distinct odd primes satisfying 

gcd (p^ipi - l),p e /'\p 3 - 1)) = 2 for all i ^ j 

and ei > 1, et > 1 be integers. 

Let Z n be the ring of residue classes modulo n. According to the Chinese 
Remainder Theorem 

Z n = Z p? x ... x Z v7 (1) 

relatively to isomorphism ip(x) = (x (mod p\ 1 ) 1 ...,a; (mod pi 1 ))- Here and here- 
after x(mod n) denotes the least nonnegative integer that is congruent to x 
modulo n. 



It is well known that exists a primitive root gi modulo p^' . Let D 



•>(P< ) 
o 



{9i 2j \i <= Z} be the subgroup of Z%, generated by g-, and D[ Pi ' = gi-Dg \ 
where the arithmetic is that of Z p *i , i = 1, 2, t. 

Let a — (oi, ...,at) be a nonzero vector from (Z2) and 

4°' n) = { (H,.. ., it) e (3,)' 1 $>a* = o| , I<<^ = (Z 2 f x 



By definition, put [2] 

B j«,n) = Yl r>? ;i) x ... x and D^'" 3 - y^ 1 (sj a ' n) ) , j = 0, 1. 

From our definition it follows that [5] 

Z ? ; = D { ^ n) U D<°* n) , D { ^ n) n D^ a ' n) =0. (2) 

Clearly there is an element b G Z* such that D[ a ' n) = bD ( a ' n) . The £>£ a ' n) and 
D[ a ' n ^ are called generalized cyclotomic classes of order 2 with respect to a and 
n. In the following Z)\ a '" 3 will denote D^ a ', n ^ , 

° J j (mod 

Further, by [2] we have a partition 



^\w= U 5^* ( 3 ) 



d|n,d>l 

Let d > 1 be a positive integer and d\n, and the nonzero vector a d = 
(a^\ dm) £ (Z^f 1 , where m is a number of different prime numbers par- 
ticipating in the factorization d. By © and Q we obtain 



d|n,d>l 



2 



Let 

C = (J ^D^'^ and Ci= (J U {0}. 

d|n,d>l rf|n,(i>l 

Then {Co, Ci} is a partition of Z n , i.e. Z n = Co U C\ and Co (1 Ci = 0. 
In accordance with [5] , the binary sequence s°° is then defined by 

Si — j if and only if j (mod n) £ Cj . 

The s°° is called Ding-Helleseth sequence, with the most frequently discussed 
options when = (0, 0, 1). 



3 Evaluation of the Linear Complexity of Ding-Helleseth 
Sequences 

In this section we find sufficient conditions for Ding-Helleseth sequences to have 
high linear complexity. Define g to be the unique solution of the following set of 
congruences 

g = g, (mod ), i = 1,2, ...,t. 
LEMMA 1. If Y,k=i 4 d) is an odd number, then 

n (a d: d) _ n (a d ,d) 

for j = 0, 1 , where the arithmetic is that of Z^. 

PROOF. Let d = p^ ■ ■■p l £ n > where j k £ {1,2, ...,t},k = 1,2,..., m and in- 
tegers Ik satisfy the set of inequalities 1 < Ik < ej k ,k = 1,2, ...,m. By the 
definitions of Jj < \ ad ' d ' ) and q we obtain 

0, *.)« V ' V J 

where 4>(x) = (x (mod pi), a; (mod Pj™)) or 

The sum J^feLi (ifc + l ) a [ d) = SfeLi a fc d) for C?i) •••> Jm) S 4 ad ' d) , therefore, 
by the condition of Lemma (ji + 1, ...,j' m + 1) £ /j" 4 '^ and by (2) we have 
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Then gD\^ d,d ^ C £)( Qd ' d ) ; but as their orders are equal we obtain gDg ad ' d ^ 



(a d ,d) 



D 1 

The assertion gD[ ad:d ^ — £)^ ad ' d ^ can be proven similarly. 

Let a be a primitive n-th root of unity in the extension of field GF(2). Then 
by Blahut's theorem for the linear complexity L of the sequence s°° we have 

L = n-\{v \S{a v ) =0,u = 0, 1, ...,»- 1} | , (4) 

where S(x) is defined by S(x) = ^ x l . 

In order to investigate the values of S(a v ), let us introduce subsidiary polyno- 
mials. Let Sa(x) = ^2 x 1 , where A is a subset of Z n . Then for any v — 1, n— 1 

we obtain 

S Co (a v ) + S Cl (a v ) = 0. (5) 

LEMMA 2. If Y?k=i a< k ^ is an °dd number, then for any v = 1, 2, n — 1 we 
have 

S„ («„,*) (a" 9 ) = ( a d ,d) (a") . 

PROOF. By Lemma 1 gD[ ad4) = D ( a ad ' d) in the ring Z d , then ^D[ a "' d) = 

%gD { ad d) in the ring Z n and the statement of Lemma follows from the defi- 
nition of auxiliary polynomial. 

Let S = < ^' ^ ^ W _ ^' that is 5 = <}.' — ^ ( m °d 4), because by 
I 0, otherwise. [ 0, otherwise. 

definition of sequence S(l) = (n + l)/2. 

THEOREM 1. Suppose that for any integer d > 1 with d\n sum Ylk=i a if 
is an odd number; then for the linear complexity L of the sequence s°° we have 

L > (n + l)/2 — 6. 

PROOF. By definition of the sequence s°° for all v = 1, n — 1 we obtain 



SK)= Yl S^ d , d) {a v ) + l. 

d\n,d> 1 

Then, by Lemma 2 

s(o»»)= ^ K) + 1, 

tZ|n,d>l 

therefore SV 9 ") = Sc K) + 1- Hence, by (5) we get S(a v ) + S{a 9V ) = 1 for 
all v = 1, n — 1. So, the order of the set 

\{v\S(a v ) = 0, v = 1, 2, ...,»- 1}| < (n - l)/2, 

then by ((U) we have, L > (n + l)/2 — 6, which was to be demonstrated. 



4 



COROLLARY. If 2 = g (mod n) under conditions of Theorem 1, then L — n— 
8. Indeed, in this case S(a v ) + S 2 (a°) = 1 and S(a v ) ^ for all v = 1, 2, n-1. 

Let us make some more remarks on Theorem 1. When = (0, 0, 1), i.e. in 
the special case of Ding-Helleseth generalized cyclotomic sequence, the condition 
of the Theorem 1 is automatically satisfied, so for this kind of sequences the 
evaluation of the linear complexity L > (n + 1)/2 — S is always valid. It is easy to 
see that this is in accord with already known results about the linear complexity 
of the sequences of periods p n ,pq [3-12]. It should be noted that not all the 
sequences examined in [3-12] can be defined as s°°. 

Further, if 



then like in [9, 12-14] for we can define the generalized cyclotomic classes 
Hp\k = 0,1, ...,r- 1 of order r. Now, we suppose D^' t%) = [J^ 1 H { ^ %) 

and D^* %) = (J/!=r/2#fe'* ,) 03- Then ' for a d = (0,...,0, 1) the evaluation of 
the linear complexity given in Theorem 1 is valid also for generalized cyclotomic 
sequences built on new classes. We can prove it by just replacing the element g 
with g r / 2 in Lemmas 1 an 2. This is consistent with the results from [9, 12-14]. 

So, Theorem 1 establishes sufficient conditions for existence of Ding-Helleseth 
sequences with high linear complexity. 

In the next section we discuss how the linear complexity of the generalized 
cyclotomic sequences could be computed in the general case. In particular, we 
show that if amongst vectors a<j there exists one with the even sum of coor- 
dinates, then there exists some n for which the statement of Theorem 1 is not 
true. 

4 About Computing of the Linear Complexity of 
Ding-Helleseth Sequences 

Now let us generalize the method of computing the linear complexity of the gen- 
eralized cyclotomic sequences with period pq proposed in [16] . By construction 
we see that 



gcd 



(p? 1 (Pi ~ l ),p e / 1 (Pj ~ 1)) = r for all i ^ j, 




(6) 



rf|n,rf>l 




where each 6j, i = 1, m is uniquely determined modulo pj_ and hi ^ 0(modp Ji ). 
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Let /3k = a bkn ^ Pj i< , k = 1, m, then (3^ is a primitive p l j° k -th root of unity in 
the extension of the field GF(2) and 

a = /3i.../3 m . 

Generalizing Theorem 1 from [16] we obtain the following. 
LEMMA 3. If d = p 1 ^ ...p l ™ m , then for v = 1, n - 1 we have 



S, 



where 4 P ' J W=E 

(p ! > ) 

The method of computation of 5* ifc Jfc (/3J fc ) over the values of the classical cy- 
clotomic sequences polynomial was proposed in [7-9]. Thus, formula ([5]), Lemma 
3 and the results from [10] allow us to compute the values of the polynomial 
S(a v ), and consequently the linear complexity of Ding-Helleseth sequence if we 
know the kind of factorization of n. By example let us look on the case when 
the conditions of Theorem 1 does not hold. 

Let n = p\pi and a PlP2 = (1, 1) then 

jj"* 1 "™ 1 ={(0,1), (1,0)} and J^' P1 ) = /(°*2^) ={(!)}, 

because by definition a pi — a P2 — (1). If d = P1P2, then f3\ — a blP2 and 
/3 2 = a b2P \ where b lPl + b 2 p 2 = 1 • Therefore a Pl = /3f , a P2 = /3 Pl . 

Hence by Lemma 3 and ((BJ) for n — p\p 2 and a plP2 = (1,1) we obtain 

sv) = So pl ^r)£? 23 c^)+Si^ 

(7) 

The properties of the polynomials Sj Pl \x), j, i = 0, 1 were examined in [T7] . 
LEMMA 4. If « e then 

„, v\ _ $ 0, if f>i = 3 (mod 4) and p 2 = 3 (mod 4), 
[1, otherwise. 

PROOF. If u e Z*, then from ©, we obtain 

S( a ») = S^\pt) + S^ 2 \p v 2 ) + ^ Pl) (/3f ") + S (p2 \p Pl v ). (8) 

Let us consider two cases 

1) If pi = |>2 = 3 (mod 4), then in accordance with the law of quadratic 
reciprocity the Legendre symbols (j^J and (j^J are different. Without loos of 

generality, we can assume that (jj^j =1 ■ Then 

S[ P1 \(3 P2V ) = ^ Pl) (/?i) and s[ P2 \/3 PlV ) = S {p2 \^). 
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By means of these relations we replace the last two terms in (|SJ| and now obtain 
S(a v ) = for all v S Z*. 

2) If pi = 1 (mod 4) or p 2 = 1 (mod 4) then (^j = (f^j- In this case 
without loos of generality, we can assume that 

s[ Pl \(3 P2V )=s[ Pl \(3 v 1 ) and S{ P2 \p^ lV ) = S[ P2 \^) 

Then by [17 and © we get S{a v ) = 1 for all v 6 Z*. 

Lemma 4 makes it clear that the statement of Theorem 1 is not true for 
n = pip 2 and a plP2 = (1, 1). 

With Lemma 4 we can conclude the computation of the linear complexity. If 
n = P1P2 and a plP2 = (1, 1), then for the sequence s°° we have 

1. L = pi + P2 — 1, if pi =3 (mod 8) and P2 = 3 (mod 8); 

2. X =pi + (p 2 - l)/2, if pi = 3 (mod 8) and p 2 = 7 (mod 8); 

3. L = p 2 + (pi - l)/2, if pi = 7 (mod 8) and p 2 = 3 (mod 8); 

4. L = (p x + p 2 )/2, if pi = 7 (mod 8) and p 2 = 7 (mod 8). 

5 Conclusions 

In the paper we defined sufficient conditions for designing Ding-Helleseth se- 
quences with arbitrary period and high linear complexity for generalized cyclo- 
tomies. In particular, we have that the most frequently considered variant of 
Ding-Hcllcscth sequences possesses high linear complexity for any period. Also 
we discuss the method of computing the linear complexity of Ding-Helleseth 
sequences in the general case. 
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